SRX Secrets Michel Tepper
Jan 07, 2016
SRX
Agenda
• Security
• Routing
• Switching
SRX
Security
- Sure: stateful firewalling, IPsec
- But what about:
  - Screening options
  - IDP
  - AppSecure
  - UAC integration?
root@FW-SRX550# ...es from-zone guest to-zone untrust policy p1 match source-identity ?
Possible completions:
<source-identity-name> Specify source-identity name from list to match
[ Open a set of values
any Any user includes authenticated, unauthenticated and unknown user
authenticated-user All authenticated users
unauthenticated-user All unauthenticated users
unknown-user All unknown users
SRX
Routing
- Static, of course
- OSPF
- BGP
- ISIS
- MPLS / VPLS
- BFD
Who knows the statement:
set security forwarding-options family mpls mode packet-based ?
SRX
Routing
Route-based VPNs
Not really a secret anymore
But: very often static routing is used
OSPF offers great redundancy
Add BFD and failover occurs within a second.
SRX
Routing
Selective packet-based
What if some traffic needs to bypass the flow module?
Example: backup traffic
Use a packet filter to create an exception!
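An added example of such an exception, not taken from the original slides: a stateless filter whose matching terms use `then packet-mode`, so only the backup flow skips the flow module. Traffic handled this way is not evaluated by security policies, screens or IDP, so the terms are matched as narrowly as possible and both directions are covered. The interface names, the filter and counter names, the addresses (documentation ranges) and the backup port are assumptions.

```junos
# Constructed example: 192.0.2.10 is the backup client, 198.51.100.20 the backup server,
# TCP port 10000 the assumed backup service port.

# Forward direction: client to server. Only this 3-tuple bypasses the flow module.
set firewall family inet filter BACKUP-BYPASS term to-server from source-address 192.0.2.10/32
set firewall family inet filter BACKUP-BYPASS term to-server from destination-address 198.51.100.20/32
set firewall family inet filter BACKUP-BYPASS term to-server from protocol tcp
set firewall family inet filter BACKUP-BYPASS term to-server from destination-port 10000
set firewall family inet filter BACKUP-BYPASS term to-server then count backup-to-server
set firewall family inet filter BACKUP-BYPASS term to-server then packet-mode
set firewall family inet filter BACKUP-BYPASS term to-server then accept

# Return direction: without this term the replies enter flow mode, find no session and are dropped.
set firewall family inet filter BACKUP-BYPASS term from-server from source-address 198.51.100.20/32
set firewall family inet filter BACKUP-BYPASS term from-server from destination-address 192.0.2.10/32
set firewall family inet filter BACKUP-BYPASS term from-server from protocol tcp
set firewall family inet filter BACKUP-BYPASS term from-server from source-port 10000
set firewall family inet filter BACKUP-BYPASS term from-server then count backup-from-server
set firewall family inet filter BACKUP-BYPASS term from-server then packet-mode
set firewall family inet filter BACKUP-BYPASS term from-server then accept

# Everything else is accepted by the filter and continues into the flow module as usual,
# where zones and security policies still apply.
set firewall family inet filter BACKUP-BYPASS term everything-else then accept

# Apply as an input filter on both the client-facing and the server-facing interface.
set interfaces ge-0/0/1 unit 0 family inet filter input BACKUP-BYPASS
set interfaces ge-0/0/2 unit 0 family inet filter input BACKUP-BYPASS
```

After commit, `show firewall filter BACKUP-BYPASS` shows the two counters, which confirms that only the intended traffic is taking the packet-based path.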
SRX
Routing
Stateless firewall rules
Very useful, even on a stateful device
- Drop traffic before it hits the flow module
- Class of Service
- Rate limiting
SRX
Switching
- Switching
- LAG interfaces !!
- PoE
- Also in SMB cluster
- In data centre with VRRP
SRX
Thank you!